The Kids Online Safety Act sounds like something no reasonable person could oppose. Protect children from harmful content online. Who argues with that? But the legislation — and the age verification infrastructure it demands — is shaping up to be one of the most significant threats to online privacy and free speech in a generation. And the tech industry, civil liberties groups, and privacy advocates who’ve been sounding the alarm deserve to be heard over the bipartisan applause.
The Intercept published a detailed investigation in March 2026 laying out how KOSA’s age verification mandates would effectively create a system of universal identity checks for internet access. Not just for kids. For everyone. The logic is simple: to prove someone is over 13 or 16 or 18, platforms need to verify the ages of all users. That means government-issued IDs, biometric scans, or third-party verification databases become the toll booth for accessing lawful speech online.
This isn’t hypothetical.
Louisiana implemented an age verification law for pornography sites in 2023, requiring state ID uploads. Within months, traffic to affected sites dropped roughly 80%, according to data tracked by Wired. Users didn’t stop seeking the content — they shifted to VPNs and unregulated platforms with fewer safety measures. The law didn’t protect anyone. It just drove activity underground while normalizing ID requirements for web browsing.
Texas, Mississippi, Virginia, and Utah followed with similar mandates. The pattern repeated. Pornhub and other major sites blocked access in those states entirely rather than build compliance systems. The Electronic Frontier Foundation has documented how these state-level laws served as testing grounds for the federal approach embodied in KOSA, each iteration expanding the categories of “harmful” content that trigger verification requirements.
Here’s the core problem with KOSA that its supporters don’t want to discuss honestly: the bill gives the Federal Trade Commission broad authority to determine what content is “harmful to minors.” That’s an enormous grant of regulatory power with deliberately vague boundaries. Content about eating disorders, anxiety, substance abuse, bullying, even certain political topics — all potentially fall under the FTC’s discretion. So a teenager researching their own mental health crisis could find that content locked behind an ID wall. A 15-year-old questioning their sexuality might face verification barriers to access LGBTQ+ resources. The chilling effect is real and predictable.
Senator Ron Wyden called KOSA “a wolf in sheep’s clothing” that would “give government officials the power to censor content they don’t like.” He’s right.
The age verification industry itself tells you everything you need to know about the incentives at play. Companies like Yoti, Jumio, and Incode have spent millions lobbying for these mandates, according to OpenSecrets lobbying disclosures. They stand to profit enormously from a world where every website interaction requires identity confirmation. Yoti alone reported processing over 400 million age verifications globally by 2025. The company insists its technology can estimate age from facial analysis without storing biometric data. But independent audits of such claims remain scarce, and the track record of private companies safeguarding sensitive personal information is, to put it charitably, poor.
Remember Equifax? That breach exposed the Social Security numbers of 147 million Americans. Now imagine a centralized database — or even a distributed network — of age verification records linking real identities to specific websites visited, specific content consumed. The surveillance potential is staggering. And it’s not paranoia to point it out when intelligence agencies and law enforcement have repeatedly sought access to exactly this kind of data.
The First Amendment issues are just as serious. Federal courts have already struck down several state-level age verification laws. In 2024, a federal judge blocked enforcement of Texas’s age verification statute, ruling it likely violated the First Amendment by imposing unconstitutional burdens on adults’ access to protected speech. Reuters reported that the ruling cited the Supreme Court’s long-standing precedent that the government cannot reduce the adult population to reading only what is fit for children. KOSA’s supporters argue the federal bill is more carefully drafted. But the fundamental constitutional tension hasn’t been resolved.
Some proponents point to the UK’s Online Safety Act as a model. They shouldn’t. Implementation has been plagued by technical failures, scope creep, and widespread criticism from digital rights organizations. Ofcom, the UK regulator, has struggled to define enforceable standards, and platforms have complained about contradictory requirements. The Guardian has reported extensively on how the law has been used to pressure platforms into over-removing lawful content — exactly the outcome critics predicted.
The tech industry’s response has been characteristically incoherent. Major platforms publicly support “child safety” in the abstract while quietly lobbying against specific provisions that would cost them money or expose them to liability. Apple has promoted its own device-level parental controls as an alternative to legislative mandates. Google has implemented supervised account features. These aren’t perfect solutions, but they at least keep verification decisions in the hands of parents rather than the government.
And that’s the distinction KOSA’s backers keep blurring. Parental oversight tools are fundamentally different from state-mandated identity verification. One empowers families. The other empowers bureaucracies.
The political dynamics make this fight particularly treacherous. Child safety legislation attracts bipartisan support because opposing it requires explaining nuance to constituents who see a simple question: don’t you want to protect kids? Senator Marsha Blackburn and Senator Richard Blumenthal, KOSA’s primary sponsors, have framed criticism as tech industry obstruction. That framing is effective. It’s also dishonest. The opposition includes pediatricians, LGBTQ+ advocacy organizations, libraries, and dozens of civil liberties groups — not just Silicon Valley lobbyists.
The ACLU has been unequivocal: KOSA would “undermine the rights of young people and adults alike.” Fight for the Future, a digital rights organization, organized a coalition of over 90 human rights groups opposing the bill. These aren’t fringe voices.
So where does this leave us? KOSA in its current form is bad law. It substitutes the appearance of action for effective policy. It creates massive privacy risks to solve a problem that would be better addressed through platform design requirements, parental tools, digital literacy education, and targeted enforcement against genuinely predatory behavior. The age verification mandate is a surveillance architecture dressed up as child protection.
The children deserve better. So do the rest of us.


WebProNews is an iEntry Publication